Fugue Survey Finds State of Cloud Infrastructure Governance a Sign of More Exploits to Come

68 percent of IT professionals rely on paper-based checklists for infrastructure policies, and 28 percent aren’t confident their cloud infrastructure is secure

Fugue, the company automating cloud infrastructure governance and policy-as-code to deliver fast, secure and compliant cloud operations, today released the results of its State of Cloud Infrastructure Governance 2017 Survey. The survey of more than 300 IT professionals, conducted by Propeller Insights in October 2017, revealed that the current state of cloud infrastructure governance is extremely poor. In spite of an ever-increasing number of security breaches, 62 percent rely on manual reviews before infrastructure is provisioned, and 42 percent have no cloud infrastructure governance processes in place. Additionally, 28 percent of IT professionals aren’t confident their cloud infrastructure is secure.

“The cloud has completely transformed IT. Infrastructure has been largely ‘abstracted away,’ but it’s still there, and it’s often ungoverned and insecure,” said Josh Stella, CEO of Fugue. “The cloud can be as secure—or even more secure—than traditional data centers. But relying on paper-based checklists and manual reviews doesn’t scale. Only automated solutions can keep up with the pace of change that is outstripping human ability to govern infrastructure and operations.”

Cloud Infrastructure Governance Sorely Lacking

The vast majority of businesses are increasingly reliant on the cloud: 41 percent report managing multiple cloud-based systems with significant use in production; 23 percent are using cloud at scale with significant infrastructure automation; and another 24 percent are in the process of expanding their use, with some production workloads under limited infrastructure automation.

But when it comes to cloud infrastructure security, confidence is notably lacking: 25 percent of IT professionals are only “somewhat confident” that their infrastructure is secure against breaches. What’s more, 42 percent of organizations have no cloud infrastructure governance tools and processes in place, while 68 percent rely on paper-based checklists for infrastructure policies. In addition, 31 percent of application developers either don’t understand infrastructure risk or don’t know what to do to mitigate it.

When it comes to ensuring compliance for infrastructure provisioning and ongoing operations:

  • 62 percent rely on manual reviews of infrastructure change
  • 60 percent rely on manual remediation for policy violations and configuration drift
  • 17 percent don’t validate compliance before infrastructure is provisioned

When breaches occur, the C-suite is responsible, according to the IT professionals surveyed. When asked who should be held accountable when a data breach occurs, nearly half (47 percent) of IT professionals said the CEO, followed by:

  • CIO — 32 percent
  • VP of Cloud — 31 percent
  • CTO — 23 percent
  • Cloud Architect — 22 percent

True DevSecOps Collaboration Is Attainable

The number one reason IT professionals say their organizations haven’t fully implemented infrastructure governance is that security and compliance slow down innovation (55 percent).

Another 44 percent say they struggle to keep track of all the infrastructure they have running, and an equal number struggle to identify and respond to infrastructure risks. More than a third (39 percent) cite the lack of collaboration between security, compliance, and IT.

“Optimized infrastructure governance is attainable but not with manual reviews and remediation, which are slow and prone to error,” added Stella. “What companies need is a holistic solution like Fugue, where true DevSecOps collaboration is focused on infrastructure and policy-as-code libraries that are vended across the organization and where the system that provisions is the same system that monitors and remediates drift and policy violations. This provides a single source of truth and trust for infrastructure state. And it means total visibility into cloud infrastructure. Organizations can now go fast, see everything, and get enterprise cloud right from the start—and ensure things stay that way.”

About Fugue

Fugue helps enterprises get cloud right. By automating the provisioning and control of policy-driven workloads, Fugue ensures that cloud infrastructure always conforms to corporate rules, regulatory policies, and secure IT practices, while providing visibility into workload operations. The result? A cloud that always operates exactly as intended. If anything drifts, Fugue fixes it. Immediately. Automatically. Fugue provides developers the freedom to innovate fast and with confidence that the infrastructure is always guarded, resilient, and secure. The company has eight patents granted and 16 pending. Privately held and headquartered in Maryland, Fugue’s investors include New Enterprise Associates, Future Fund, Maryland Venture Fund, and Core Capital Partners. Gartner named Fugue a Cool Vendor in Cloud Computing 2017.

To learn more about migrating your existing infrastructure to Fugue, visit www.fugue.co/migrate.

Media Contact:
Gabrielle Jasinski for Fugue

Secure Your Cloud

Find security and compliance violations in your cloud infrastructure and ensure they never happen again.